1-6
Cisco ASA Series CLI Configuration Guide
 
Chapter 1      Configuring Objects
  Configuring Objects
Detailed Steps
Example
To create a service object, enter the following commands:
hostname (config)# object service SERVOBJECT1
hostname (config-service-object)# service tcp source eq www destination eq ssh
Configuring a Service Group
A service object group includes a mix of protocols, if desired, including optional source and destination 
ports for TCP or UDP.
Command Purpose
Step 1
object service obj_name
Example:
hostname(config)# object-service 
SERVOBJECT1
Creates a new service object. The obj_name is a text string up to 
64 characters in length and can be any combination of letters, 
digits, and the following characters:
• underscore “_”
• dash “-”
• period “.”
The prompt changes to service object configuration mode.
Step 2
service {protocol | icmp icmp-type 
[icmp_code] | icmp6 icmp6-type [icmp_code] 
| {tcp | udp} [source operator port] 
[destination operator port]} 
Example:
hostname(config-service-object)# service 
tcp source eq www destination eq ssh
Creates a service object for the source mapped address. 
The protocol argument specifies an IP protocol name or number.
The icmp, tcp, or udp keywords specify that this service object is 
for either the ICMP, TCP, or UDP protocol.
The icmp-type argument names the ICMP type. The optional 
icmp_code specifies an ICMP code, between 1 and 255.
The icmp6 keyword specifies that the service type is for ICMP 
version 6 connections. The icmp6-type argument names the ICMP 
version 6 type. The optional icmp_code specifies an ICMP code, 
between 1 and 255.
For TCP or UDP, the source keyword specifies the source port. 
For TCP or UDP, the destination keyword specifies the 
destination port.
The operator port argument specifies a single port/code value that 
supports configuring the port for the protocol. You can specify 
“eq,” “neq,” “lt,” “gt,” and “range” when configuring a port for 
TCP or UDP. The “range” operator lists the beginning port and 
ending port.